domain login

Dear All,

Laptops on my Office are connected into My Server Domain . Every user has their own user and password to log on into domain (server). But I have problem if the user were out from the network (not connected to the domain) the user still can use their laptops. I need to know how to make the laptop must always connected to the domain and if they were not the laptop cannot be used...




Noob Whisperer
Not sure exactly what you are talking about here, but if you're talking about users, using their domain credentials to logon to their laptops when they are not connected to the domain then you need to configure a GPO (group policy object).
You should probably do this on a domain level or a particular OU (organizational unit). Or you can do it individually on each client computer but if I remember correctly domain policies override local policies so it probably won't work unless you make it a domain wide policy and point it at the domain computers you're concerned about, hopefully which you have already organized into a single OU where you can apply the GPO.
You need to enable "Network access: Do not allow storage of passwords and credentials for network authentication"
You can find that within the Group Policy Editor under
Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options.

That will not however keep them from logging on locally with a local (unique to that machine) username and password. You would need to control that on an individual basis by configuring any local account with a password that was unknown to the individual user.... something only you knew.

And they could still hack it if they can boot to a CD or USB thumb drive easily enough.

where can I find the Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options ?
on windows server..I configure the GPO..but still can't find where does the option


Noob Whisperer
which version of windows server?

the which version of windows server?
in order to explain all of its

This website is not affiliated, owned, or endorsed by Microsoft Corporation. It is a member of the Microsoft Partner Program.